These Windows Defender flaws are being used in the wild already, so if you haven’t patched, assume it’s an active risk and respond accordingly.Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch
Public exploit code for Defender bugs makes this a patch-now issue, since Defender is on nearly every Windows machine and quietly scans untrusted attachments all day. If you can’t update right away, a practical stopgap is blocking risky attachment types at the mail gateway for a bit—things like .js, .vbs, .lnk, and .iso—so the scanner isn’t chewing on attacker-crafted samples while you get patches lined up.
